Ansible Validated Content: Introduction to infra.osbuild Collection
Introduction to the Image builder use case
During the last year we met with multiple edge customers, covering the automation needs for IT Linux infrastructure at scale across remote locations where there is often no IT staff on site. Think about retail stores, dark stores and warehouses where self-checkout, handhelds and POS devices hosting RHEL are distributed everywhere.
For industrial setups and manufacture, this could be the scenario for small factor servers and storage hosting logging monitoring to gather information about operational activities, which are located in secure facilities.
One of the recurrent needs for our customers with distributed devices is the ability to upgrade Linux devices faster, at scale, mostly due to regulations or security risks. Ideally, you should be able to patch at scale as soon as a vulnerability is identified.
The main challenge with the traditional RPM patching model is that it is incremental, and frequently some Linux devices might have slight differences. That is why there are new edge-focused capabilities and models that start with the premise that you could and should test a whole base image, and once it passes your validations, it should be deployed into all the target devices that Continue reading
A Deeper Look: Red Hat Named a Leader in the Forrester Wave
This week, we announced that Red Hat has been named a leader in The Forrester Wave™ Infrastructure Automation, Q1 2023. In an effort to help explain this result from our point of view, the following blog answers some of the most frequently asked questions.
What is The Forrester Wave?
“The Forrester Wave™ is a guide for buyers considering their purchasing options in a technology marketplace and is based on our analysis and opinion. To offer an equitable process for all participants, Forrester follows a publicly available methodology, which we apply consistently across all participating vendors.” [source]
Forrester has been a mainstay throughout people’s automation journeys, and Red Hat is proud to be recognized as a leader in the results of this Q1 2023 report.
What were the results?
Red Hat, specifically focused on Ansible Automation Platform, has been named a leader in the Q1, 2023 Forrester Wave™ Infrastructure Automation report.
Refer to the following graphic, that can be viewed in the final report:
Why is this significant to us?
We believe Forrester is one of the most recognized technology analyst firms in the IT space, and Continue reading
New reference architecture: Deploying Ansible Automation Platform 2 on Red Hat OpenShift
It has arrived! The latest reference architecture showcasing the best practices for deploying Red Hat Ansible Automation Platform 2.3 on Red Hat OpenShift!
Why are you going to love it?
With Ansible Automation Platform running on top of Red Hat OpenShift, you get the best of both worlds. You can now focus on what really matters - automation - while taking advantage of Red Hat Ansible Automation Platform Operator to do the heavy lifting of deploying, managing, scaling and upgrading your Ansible Automation Platform environment.
This reference architecture not only focuses on the step-by-step to deploy Red Hat Ansible Automation Platform 2.3 on Red Hat OpenShift, but focuses on key aspects including:
-
Sizing your automation controller: Learn how to size your automation controller by understanding its control capacity and how many automation jobs can run concurrently.
-
Resource management: Discover how to set resource requests and limits for the Ansible Automation Platform, ensuring that your deployment has enough resources to run smoothly and efficiently.
-
Installation guidance: Understand key considerations prior to your deployment of Red Hat Ansible Automation Platform.
-
Monitoring your Ansible Automation Platform: Learn how to use Prometheus and Grafana to monitor your Ansible Continue reading
Providing Terraform with that Ansible Magic
Late last year, we introduced a Red Hat Ansible Certified Collection Collection for Terraform. This was an important step in automation, as these two tools really are great together and leveraging Ansible's ability to orchestrate other tools in the enterprise made this a no-brainer. Terraform with its infrastructure as code (IaC) provisioning and Ansible’s strength in configuration as code are a synergy that cannot be ignored - we are better together! Organizations are now in the position to utilize their existing infrastructure as code manifests and extend their automation with Terraform and Ansible together.
Now, we are back with help from our partners at Kyndryl and XLAB and adding more value and magic to infrastructure as code - This time we have some extra muscle with an addition to the Red Hat Ansible Certified Content Collection: The Ansible provider for Terraform.
So what does the provider help us with?
Without a provider, we would need to rely on inventory plugins for the different cloud platforms and use filters to grab instance information from our freshly "Terraformed" infrastructure. This allows us to update our inventory so we can run automated tasks against these hosts. This is pretty smooth in Continue reading
Kubernetes Meets Event-Driven Ansible
In today’s fast paced world, every second counts and the ability to react to activities in a timely fashion can mean the difference between satisfying the needs of consumers and meeting Service-Level Agreements. Each are goals of Event-Driven Ansible, which seeks to further the reach of Ansible based automation by responding to events that meet certain criteria. These events can originate from a variety of sources, such as from an HTTP endpoint, messages on a queue or topic, or from public cloud resources. Kubernetes has become synonymous with managing infrastructure and applications in cloud native architectures and many organizations are reliant on these systems for running their business critical workloads. Automation and Kubernetes go hand in hand and Ansible already plays a role within this ecosystem. A new capability leveraging the Event-Driven Ansible framework is now available that extends the integration between both Ansible and Kubernetes so that Ansible automation activities can be triggered based on events and actions occurring within a Kubernetes cluster.
Event-Driven Ansible is designed using a concept called Rulebooks which consists of three main components:
- Actions - Triggering the execution of assets including an Ansible Playbook or module
- Rules - Determination of whether received events Continue reading
Enhancing/Maximizing your Scaling capability with Automation Controller 2.3
Red Hat Ansible Automation Platform 2 is the next generation automation platform from Red Hat’s trusted enterprise technology experts. We are excited to announce that the Ansible Automation Platform 2.3 release includes automation controller 4.3.
In the previous blog, we saw that automation controller 4.1 provides significant performance improvements as compared to Red Hat Ansible Tower 3.8. Automation controller 4.3 is taking that one step further. We will elaborate on an important change with callback receiver workers in automation controller 4.3 and how it can have an impact on the performance.
Callback Receiver
The callback receiver is the process in charge of transforming the standard output of Ansible into serialized objects in the automation controller database. This enables reviewing and querying results from across all your infrastructure and automation. This process is I/O and CPU intensive and requires performance considerations.
Every control node in automation controller has a callback receiver process. It receives job events that result from Ansible jobs. Job events are JSON structures, created when Ansible calls the runner callback plugin hooks. This enables Ansible to capture the result of a playbook run. The job event data structures contain Continue reading
Technology Short Take 166
Welcome to Technology Short Take #166! I’ve been collecting links for the last few weeks, and now it’s time to share them with all of you. There are some familiar names in the links below, but also some newcomers—and I’m really excited to see that! I’m constantly on the lookout for new sources (if you have a site you think I should check out, hit me up—my contact info is at the bottom of this post!). But enough of that, let’s get on with the content. Enjoy!
Networking
- Kevin Jin’s post on the APNIC blog about network automation tools is a great read. He discusses Netmiko, NAPALM, and Nornir in some detail, and provides some guidance around which network automation tool may be right for you.
- Rob Novak shares his experience in replacing Meraki with TP-Link Omada.
- Anton Kuliashov writes about why Palark uses Cilium for Kubernetes networking.
- Nick Buraglio discusses IPv6 Unique Local Addressing (ULA).
- Given how frequently I include content from Ivan, you can probably tell that I’m a big fan. This time I’m including two of his articles. In the first, he discusses the relationships between Layer 2 (VLAN) and Layer 3 (subnet) segments. In the Continue reading
Datacenter System Makers Leary But Not Weary
The central banks of the world, led by the European Central Bank and the US Federal Reserve, want to curb inflation and they are willing to cause a small recession or at least get very close to one to shock us all into controlling the acquisitive habits we developed during the lockdowns of the early years of the coronavirus pandemic. …
Datacenter System Makers Leary But Not Weary was written by Timothy Prickett Morgan at The Next Platform.
Troubleshoot RDS connectivity issues with Ansible validated content
The Ansible validated content cloud.aws_troubleshooting introduces a role named troubleshoot_rds_connectivity. This role helps you troubleshoot AWS Relational Database Service (RDS) connectivity issues from an EC2 instance.
The role diagnoses connectivity issues between an EC2 instance and an Amazon Relational Database Service instance by ensuring that the RDS instance is available and checking the associated security group rules, network access control lists, and route tables for potential connectivity issues.
To do this, the role will need the EC2 instance identifier to test connectivity from the RDS instance identifier to connect to.
Let's see how this can be used with the following example.
Configuration
We have an RDS instance and an EC2 instance running in the same VPC (virtual private cloud) with the CIDR block 10.1.0.0/16.
The RDS instance is running on two subnets with the following CIDR blocks 10.1.1.0/24 and 10.1.2.0/24.
The EC2 instance is running in another subnet in the VPC with the CIDR block 10.1.10.0/24. The EC2 instance has been assigned the following private IP address 10.1.10.41.
In the initial configuration, a security group is attached to the VPC with the following Continue reading
Maximize your hybrid cloud mastery with the Ansible validated content
In today's environment, mastering the hybrid cloud has become a key factor in IT transformation and business innovation. In this context, network complexity can be a nightmare, especially as organizations expand their infrastructure and embrace hybrid cloud and multi-cloud strategies. Without automation, monitoring and controlling network routing, infrastructure, and security in a hybrid and multi-cloud environment are difficult to manage. Furthermore, identifying and resolving network performance issues in these infrastructures are quite challenging.
In one of the previous blogs, titled “Crank up your automation with Ansible validated content”, Nuno Martins highlighted the Ansible validated content included in Red Hat Ansible Automation Platform 2.3.
In this blog post, we will show you how to leverage the amazon.aws_troubleshooting Collection for hybrid cloud to troubleshoot network performance issues and maximize your hybrid cloud mastery. In particular, we’ll use the aws_troubleshooting.connectivity_troubleshooter role.
First, let’s take a look at the amazon.aws_troubleshooting Collection.
Deep dive on cloud.aws_troubleshooting
Let’s take a deep look at the amazon.aws_troubleshooting Collection. This Collection includes a variety of Ansible Roles to help troubleshoot AWS resources. The Collection includes the following roles:
- cloud.aws_troubleshooting.troubleshoot_rds_connectivity - A role to troubleshoot RDS Continue reading
Creating a Talos Linux Cluster on AWS with Pulumi
Talos Linux is a Linux distribution purpose-built for running Kubernetes. The Talos web site describes Talos Linux as “secure, immutable, and minimal.” All system management is done via an API; there is no SSH access, no shell, and no console. In this post, I’ll share how to use Pulumi to automate the creation of a Talos Linux cluster on AWS.
I chose to write my Pulumi program in Go, but you could—of course—choose to write it in any language that Pulumi supports (JavaScript/TypeScript, Python, one of the .NET languages, Java, or even YAML). I’ve made the Pulumi program available via this GitHub repository. It’s based on these instructions for standing up Talos Linux on AWS.
The Pulumi program has four major sections:
- First, it creates the underlying base infrastructure needed for a Talos Linux cluster to run. This includes a VPC (and all the assorted other pieces, like subnets, gateways, routes, and route tables) and a load balancer. The load balancer is needed for the Kubernetes control plane, which we will bootstrap later in the program. This portion also creates the EC2 instances for the control plane.
- Next, it uses the Talos Pulumi provider to generate the Talos Continue reading
Using Red Hat Insights as a source of events for Event-Driven Ansible automation
One of the key announcements at AnsibleFest 2022 was the introduction of the Event-Driven Ansible developer preview. This technology is currently available on GitHub and accessible by technology providers and end users to provide feedback and drive the ecosystem. ISVs and consulting/service partners are specifically invited to create event driven automation content that makes it easy for customers to use in joint solutions.
Red Hat Insights events as a source for Event-Driven Ansible
Red Hat Insights, is a managed service that is included in every Red Hat subscription. It continuously analyzes platforms and applications to help enterprises manage hybrid cloud environments, and can trigger events through its Notifications service. Each account configures how and who can receive these events, with the ability to perform actions depending on the event type. For example, one may want to forward new recommendations found for Red Hat Enterprise Linux (RHEL) system configuration to a specific team by email, and/or create a new ticket in ServiceNow for the Operations team to handle. Others may want to forward all triggered events to Splunk for external analysis and troubleshooting. Through its Integrations service, Insights provides end-point integrations to Splunk, ServiceNow, Slack, as well as Continue reading
Red Hat Ansible Automation Platform now available on Google Cloud Marketplace
Breaking news! Red Hat just announced Ansible Automation Platform’s availability on Google Cloud Marketplace.
I’d like to take a few moments to provide some more details about this offering and why you should consider accessing Ansible Automation Platform directly from the Google Cloud Marketplace.
As organization’s hybrid cloud environments continue to grow in complexity, so does the need to increase efficiency and speed. The solution is to leverage an automation platform that can help any organization create, manage, and scale their automation efforts across the entire IT infrastructure. Ansible Automation Platform is the glue that coordinates and scales automation across all IT domains, and fosters a culture of collaboration across the disparate teams within an organization.
Google Cloud Marketplace deployment
Ansible Automation Platform deploys directly from the Google Cloud Marketplace as a self-managed application. The many benefits include:
- It deploys into your environment, where you have total control over how you deploy, configure, and operationalize the solution.
- Ongoing upgrades will be simpler because of this deployment model, so while this is a self-managed solution, it’s still simpler to maintain than if you had started from scratch yourself.
- The ability to scale out the Ansible Automation Platform environment using Continue reading
Technology Short Take 165
Welcome to Technology Short Take #165! Over the last few weeks, I’ve been collecting articles I wanted to share with readers on major areas in technology: networking, security, storage, virtualization, cloud computing, and OSes/applications. This particular Technology Short Take is a tad heavy on cloud computing, but there’s a decent mix of other articles as well. Enjoy!
Networking
- For a deeper understanding of Kubernetes networking, and in particular the role played by
kube-proxy, I highly recommend this post by Arthur Chiao. There is a ton of information here! - Denis Mulyalin shows how to use Nornir, Salt, and NetBox to template your network tests. Now if Denis’ site just had a discoverable RSS feed…
Security
- Aeva Black and Gil Yehuda tackle the conundrum of open source security.
- If you haven’t looked at Teri Radichel’s series of posts on automating cybersecurity metrics (ACM), you should. There’s quite a bit of good information there.
- This post on Cedar—a new policy language developed by AWS—is an interesting read. I’m curious as to the constraints that led AWS to develop a new policy language versus using something like Rego (part of Open Policy Agent); this isn’t something the article touches upon.
Cloud Computing/Cloud Continue reading
Enable Extensions on Azure Arc Connected Machines with Ansible Automation Platform
Last year, I blogged about how to use Red Hat Ansible Automation Platform to migrate Azure Arc-enabled servers from Azure Log Analytics Agents (MMA/OMS) to Azure Monitor Agent (AMA). Azure Arc supports a number of other extensions that can add additional value to your Arc-enabled infrastructure. Since my previous article, all of these extensions have been added to the azure.infrastructure_config_demos collection that contains a role for managing Arc-enabled server VM extensions with Ansible.
Each extension offers unique capabilities to your Arc-enabled fleet, such as logging, vulnerability scanning, key vault cert sync, update management, and more. Enabling these extensions is simple for small numbers of machines. When you need to scale out the work of enabling and configuring these extensions across hundreds or thousands of devices, then Ansible Automation Platform can help!
This article covers how to use Ansible Automation Platform to enable VM extensions supported in the azure.infrastructure_config_demos collection. Within the collection, there are a number of playbooks and roles; the following are pertinent to this post.
| File or Folder |
Description |
| Playbook that will be used as a job template to enable Azure Arc extensions. |
|
| Playbook that will be used Continue reading |
Stage Manager is Incomplete
I’ve been using macOS Stage Manager off and on for a little while now. In Stage Manager, I can see the beginnings of what might be a very useful paradigm for desktop computing. Unfortunately, in its current incarnation, I believe Stage Manager is incomplete.
Note that I haven’t yet tried Stage Manager on my iPad; my comments here apply only to the macOS implementation.
For those of you who haven’t yet tried Stage Manager yet, here’s a screenshot of my desktop, taken while I was writing this blog post:
I’ll draw your attention to the list of “recently used applications” on the left side of the screen. That’s the “Cast” (a term used by Howard Oakley in his great introductory article on Stage Manager). As you can see in this screenshot, the Cast supports application groups—like having Slack and Mail grouped together—as well as single applications. This allows you to easily switch between groups of applications simply by clicking on the preview in the Cast (which, using Howard’s terminology, moves the application or applications to the Stage).
This is the glimmer of a useful paradigm that I see in Stage Manager: being able to assemble groups of applications that Continue reading
Bringing faster updates to Ansible Automation Platform
In today’s fast moving world, schedule driven, incremental releases may not be what customers are looking for. After gathering input from both external and internal customers, there is a definite appetite for more content driven releases.
Rather than waiting weeks to get official builds with a bug fix (schedule driven), most would like to have those builds made available within days after the code has been tested and merged (content driven). Beginning with Red Hat Ansible Automation Platform 2.3, this new release mechanism will be the norm. This blog will explain what it means for you and your processes.
What is Ansible Automation Platform?
From a business perspective, Ansible Automation Platform is the solution Red Hat offers its customers to reach and unleash the full potential of strategic automation.
From a technical perspective, Ansible Automation Platform is an umbrella of many components that provide automation capabilities. Some of these well known components include automation controller, Ansible automation hub, ansible-runner and ansible-core, which also have underlying dependencies.
A parallel can be easily drawn with Red Hat Enterprise Linux, which is the sum of all its components’ capabilities to run a battle tested operating system, just like Ansible Continue reading
Installing the Prerelease Pulumi Provider for Talos
Normally, installing a Pulumi provider is pretty easy; you run pulumi up and the provider gets installed automatically. Worst case scenario, you can install the provider using pulumi plugin install. However, when dealing with prerelease providers, sometimes things have to be done manually. Such is the case with the prerelease Pulumi provider for Talos Linux. In this post, I’ll show you what the manual process looks like for installing a prerelease provider.
The GitHub repository for the prerelease Pulumi provider for Talos can be found here. As of this writing, the latest release was v0.1.0-beta.0. Currently, the prerelease provider for Talos Linux can’t be installed automatically when running pulumi up, and pulumi plugin install doesn’t work either.
The manual process for installing this provider looks like this:
- Download the latest release of the Talos provider from the GitHub Releases page. This will download a tarred and gzipped archive.
- The plugin files need to go into a specific subdirectory under
~/.pulumi/plugins. Navigate to that directory, and create a subdirectory whose name corresponds to the version of the Talos provider. For example, if the version downloaded is v0.1.0-beta.0, then the name of the new Continue reading
Creating custom Event-Driven Ansible source plugins
We’re surrounded! Our modern systems and applications are constantly generating events. These events could be generated by service requests, application events, health checks, etc. With the wealth of information from event traffic surrounding everything we do, Event-Driven Ansible allows for automated responses to incoming events.
But not only are we completely engulfed in event data, we’re also enveloped by event sources. Think about your organization or even your household for a minute and consider how many pieces of equipment or applications are generating data that could be put to use if only you were able to easily collect it.
Event source plugins within Event-Driven Ansible act as a bridge between Ansible and event generating applications and services. Event-Driven Ansible already has a handful of event plugins to consume events from a variety of sources. But what if your source plug-in isn’t represented in that list? Or what if you’re a Red Hat partner who wants to connect Event-Driven Ansible to your own solution? The good news is, developing event source plugins for Event-Driven Ansible can be a relatively painless endeavor.
What is a source plugin?
Event-Driven Ansible leverages rulebooks to codify the response to an event. Rulebooks combine Continue reading
Automating Docker Contexts with Pulumi
Since I switched my primary workstation to an M1-based MacBook Pro (see my review here), I’ve starting using temporary AWS EC2 instances for compiling code, building Docker images, etc., instead of using laptop-local VMs. I had an older Mac Pro (running Fedora) here in my home office that formerly filled that role, but I’ve since given that to my son (he’s a young developer who wanted a development workstation). Besides, using EC2 instances has the benefit of access when I’m away from my home office. I use Pulumi to manage these instances, and I extended my Pulumi code to also include managing local Docker contexts for me as well. In this post, I’ll share the solution I’m using.
For those that aren’t already aware, Docker supports SSH-based contexts, which allow you to use the docker CLI over an SSH connection to a remote Docker daemon (including one behind an SSH bastion host). This is the functionality I’m using to do remote Docker image builds on an EC2 instance. I wrote a bit about SSH-based Docker contexts here.
When I run pulumi up to create the infrastructure, the Pulumi code (written in Go) does a few things: